Closed s-u closed 4 years ago
Ok, this appears to be an Amazon policy:
The temporary credentials that you get when you call GetSessionToken have the following capabilities and limitations: You cannot use the credentials to call IAM or AWS STS API operations. You can use them to call API operations for other AWS services.
Please specify whether your issue is about:
iam
API calls fail in sessions created withget_session_token()
Given that the error is "InvalidClientTokenId" and not "AccessDenied" this looks like some possible issue in handling the request. Note, however, that it is unique to
iam
and does not happen withsts
(orS3
).